File Upload Vulnerability in Ultimate WooCommerce Gift Cards by MakeWebBetter
CVE-2020-35627

8.8HIGH

Key Information:

Vendor: WooCommerce
Status: Gift Cards
Vendor: CVE Published:; 28 December 2020

🔔 Create WooCommerce Vulnerability Alert

What is CVE-2020-35627?

The Ultimate WooCommerce Gift Cards 3.0.2 is susceptible to a file upload vulnerability located in the Custom Gift Card Template module. This vulnerability enables an attacker to upload a malicious file disguised as an image by altering the file extension to PHP. Once the upload is successful, the attacker can execute arbitrary PHP code on the server, potentially compromising the web application and its data.

References

https://gist.github.com/bc0d3/cbc458f0fcbe0f897e529c7f3d7...

x_refsource_MISC

https://makewebbetter.com/product/giftware-woocommerce-gi...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 28, 2020
Vulnerability Reserved
Dec 22, 2020